Full Disclosure mailing list archives

Re: Is OWASP vulnerable ??

From: Valdis.Kletnieks () vt edu
Date: Sat, 10 Mar 2007 16:51:51 -0500

On Sat, 10 Mar 2007 15:15:54 CST, Paul Schmehl said:

Given the syntax of this function, wgBreakFrames can only have one of two
values: true or false.

I'd be interested to see some POC that would show how you would exploit
this.


The first thing to do is abuse the variable. In addition to true and false, try
3, 0 , -37, "Cabbage", and maybe "true) and (my_evil_function()))". See if you
can force it to throw a syntax error that creates a 404 page or something that
contains *other* input you control, especially if it finds its way to an eval().

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
- Re: Is OWASP vulnerable ?? jf (Mar 10)
- Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
  - Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
    - Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
    - Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
    - Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
    - Re: Is OWASP vulnerable ?? jf (Mar 10)
    - Re: Is OWASP vulnerable ?? czino2 (Mar 11)
    - Re: Is OWASP vulnerable ?? Michael Silk (Mar 11)
- Re: Is OWASP vulnerable ?? Andrew Farmer (Mar 10)
  - Re: Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
    - Re: Is OWASP vulnerable ?? jf (Mar 10)
    - Re: Is OWASP vulnerable ?? czino2 (Mar 11)

(Thread continues...)